On Wed, 2005-11-23 at 09:43 -0800, [EMAIL PROTECTED] wrote:
> Hi, I am investigating kerberizing of our application using
> MIT Kerberos5.  Due to the nature of our application,
> we cannot use DNS and must use host IP addresses
> instead of hostnames during authentication.

I believe that host names are required for Kerberos operation, since
they are used in the service principal names.

However, host names aren't necessarily transferred over DNS. I also have
this problem when using services over IPv6, and to help out, I
implemented the FQDN over ICMP service for Linux. If you, too, are using
Linux, you can use the program:

<http://www.dolda2000.com/~fredrik/icmp-dn/>

FQDN over ICMP is specified in RFC 1788 -- it's just that neither the
Linux kernel nor any standard glibc NSS module implements it. Meaning:
It's not just some homebrew protocol of mine, but an open standard. I
don't think Windows supports it, but I'm fairly sure that it would work
when talking to *BSD machines.

Fredrik Tolf


________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
